Authenticating across domains

[Cole, Timothy D.]

> -----Original Message-----
> From:	Christian E [SMTP:cej at ti.com]
> Sent:	Tuesday, December 21, 1999 11:51
> To:	Cole, Timothy D.; Samba Mailing list
> Subject:	Re: Authenticating across domains
> 
> "Cole, Timothy D." wrote:
> > 
> > > -----Original Message-----
> > > From: Christian E [SMTP:cej at ti.com]
> > > Sent: Tuesday, December 21, 1999 11:05
> > > To:   Multiple recipients of list SAMBA-NTDOM
> > > Subject:      Authenticating across domains
> > >
> > > Hi,all
> > >
> > >       I've seen this question before, but I don't think it was
> answered.
> > > Does
> > > anyone know how to authenticate with more than one domain ? I have a
> > > problem at the moment with a user who would like access to our file
> > > server from another domain. The NT domains have a trust set up but
> still
> > > we get "invalid user name or password" when we try to connect to the
> > > samba box..It works to another NT box across the domain though...
> > >
> >         Is the samba box a PDC?  If not, is "security = domain", and
> does
> > the domain it is in trust the other domains?
> 
> 
> 	It is not a PDC and security is set to domain  . It authenticates
> with
> an NT BDC which is in a domain who is trusting the other domain...Is it
> necessary to point to a BDC/PDC in the other domain ??
> 
	Hmm, no, that probably wouldn't do what you want.  In "security =
domain", it definitely has to be pointing to a PDC/BDC of the domain it's a
member of (in general it should be anyway)

	I have no idea if this will make a difference, but ideally rather
than just the one BDC, you should probably specify the PDC and then all of
the BDCs for the domain on the one "password server = " line, separated by
whitespace.  (i.e. "password server = SMYDOM00 SMYDOM01 SMYDOM02")  At least
that's how we have it here, and domain trust relationships seem to work.